Yubikeys not recognized anymore (Mojave 10.14.6) #3970

Closed
goodc0re opened this issue Dec 3, 2019 · 35 comments

@goodc0re

goodc0re commented Dec 3, 2019

Suddenly KeePassXC 2.5.1 stopped recognizing all of my Yubikeys.
MacOS Mojave 10.14.6

I have multiple Yubikeys, different versions, none are recognized anymore, USB, USB-C, all of them. Rebooting, clicking refresh, unplugging them, nothing helps.

I have several databases protected with Yubikeys, I can not open any of them anymore.

Expected Behavior

When opening KeePassXC I enter my password and the pulldown for Hardware Keys used to show my Yubikey.

Current Behavior

The pulldown menu for Hardware Keys on the login screen only shows "Select slot ..." with no yubikeys selectable, refresh does not help. Restarting the app, restarting macOS, different yubikeys, same problem.

Yubikey Manager does recognize my Keys,
for example a YubiKey 5C Nano and a YubiKey 4

Possible Solution

Tried to downgrade to 2.5.0, same problem.

Context

I'm dead.

Debug Info

KeePassXC - Version 2.5.1
Revision: 0fd8836

Qt 5.13.1
Debugging mode is disabled.

Operating system: macOS Mojave (10.14)
CPU architecture: x86_64
Kernel: darwin 18.7.0

Enabled extensions:

  • Auto-Type
  • Browser Integration
  • SSH Agent
  • KeeShare (signed and unsigned sharing)
  • YubiKey
  • TouchID

Cryptographic libraries:
libgcrypt 1.8.5

@goodc0re goodc0re added the bug label Dec 3, 2019
@goodc0re goodc0re changed the title Yubikeys not recognized anymore Yubikeys not recognized anymore (Mojave 10.14.6) Dec 3, 2019
@goodc0re
Author

goodc0re commented Dec 3, 2019

Yubikey Manager does recognize my Keys,
for example a YubiKey 5C Nano and a YubiKey 4

@droidmonkey
Member

You need to provide KeePassXC with permission in the security and privacy settings. This is discussed elsewhere on the issue board.

@goodc0re
Author

goodc0re commented Dec 3, 2019

Which setting is that?
I was using KeePassXC all day and didn't change any setting though. It did not stop working after an upgrade, I had upgraded a few weeks ago and was using it daily. No changes made.

@droidmonkey
Member

See here: #3329 (comment)

@goodc0re
Author

goodc0re commented Dec 3, 2019

The issue does not seem to be a duplicate, issue 3329, I just read through it, affects Catalina
I am on Mojave
There is no setting " input monitoring" in Mojave.

It was recommended to add KeePass in system settings --> security --> privacy --> input monitoring - but that's on catalina.

@droidmonkey
Member

I linked you directly to a comment that may solve your problem. That thread contains solutions for all different versions. If you did not change KeePassXC, why do you suspect that we are the problem? This is very likely an OS issue.

@goodc0re
Author

goodc0re commented Dec 3, 2019

I saw it as well, but I did and do not have "Secure Keyboard Entry" enabled in Terminal's settings either.

@goodc0re
Author

goodc0re commented Dec 3, 2019

I did not change anything in my OS either. I don't know what the problem is, but KeePass is simply the app that has the problem at this time cause it stopped working the way it used to a few hours ago, that's why I came here. : ( This is actually a real huge emergency.

@goodc0re
Author

goodc0re commented Dec 3, 2019

Apple Menu > About This Mac > System Report, under Hardware > USB.

I can see my Yubikeys here.

Yubikey Manager also recognizes them.

@droidmonkey
Member

I am sorry but I do not have any further debugging steps that can be tried. You can try totally removing KeePassXC and "reinstalling" it.

@goodc0re
Author

goodc0re commented Dec 3, 2019

I tried to uninstall it and reinstall it. It did not help.
I need some way to access this database, whatever it takes. Can you open the issue again so somebody else might see it and reply.

@droidmonkey droidmonkey reopened this Dec 3, 2019
@metbril
Contributor

metbril commented Dec 5, 2019

Have you tried downgrading to 2.4.3?

@droidmonkey
Member

More importantly, did you resolve this?

@goodc0re
Author

No it's not resolved. Downgrading did not help. I researched for hours, reading other issues, uninstalled gpg, I can not find a solution.

@HUGHUSR

HUGHUSR commented Dec 19, 2019

It's a little late now for @goodc0re, but I got bit by a bug years ago in KeePassX and learned my lesson.

I have a VeraCrypt encrypted volume that I use as a KeePass DR backup. Now, I weekly create a CSV export of all my databases to that encrypted volume, as well as all my .key and .kdbx files. So, if I lose a key, security token, hit a software bug, or run into any other problem, I have a backup from which I can recover, even into another password manager, if necessary.

I actually have two "identical" encrypted volumes, each on a different flash memory stick. I rotate them, so hopefully even if I have a flash drive fail, I still have a backup. I store both in a fire-resistant safe. And, as a final layer of paranoia, I have a third copy of the encrypted volume which I update every six months and give to a friend who lives out of state to hold for me.

@droidmonkey: Maybe something like this should be written up as "Best Practices for KeePass Disaster Recovery"?

I hope this saves someone's hiney in the future!

@HUGHUSR

HUGHUSR commented Dec 19, 2019

@goodc0re:
Have you tried booting into safe mode and see if that makes a difference?
Have you tried resetting SMC & PRAM?
Have you looked in the logs for any keepass or yubikey entries?
And, although I have not used it in years, so I hope it still works: You might try running dtruss against keepassxc to see if that gives any clues.

Edit: Two other things I just thought of that have sometimes fixed problems:
Try turning off sandboxing and see if that fixes anything (don't leave it off!).
Try forcing a reinstall of the last macOS Security Update, or, even 10.14.6 itself.

Just a few debugging thoughts. I hope at least one of these helps!

@goodc0re
Author

I finally found a way to at least temporarily open the KeePassXC database:

When running KeePassXC as root, it does detect the YubiKeys!

sudo /Applications/KeePassXC.app/Contents/MacOS/KeePassXC

@HUGHUSR

HUGHUSR commented Dec 19, 2019

Glad to hear! However, that does show that you have a permissions problem.

The questions are: What? and Where?

You may want to try to run Disk Utility's First Aid function and let it check for obvious system-level permissions problems. I suspect you may have a broken ACL or something borked when macOS updated. (My last security update for macOS broke Mail, TimeMachine, VeraCrypt, MacFuse, iTunes, and other stuff, and I had to reinstall it.)

EDIT: More thoughts:

If you run dtruss against keepassxc (with keepassxc as a regular user), you should see where the permissions problem is occurring.

Maybe @droidmonkey can supply you with a version of keepassxc with debugging enabled which would also (hopefully) show you the same thing (without having to fight dtruss). Finding who doesn't like what is critical.

If you have access to another Mac with the same macOS load, see if the problem occurs on it. If it works on the second Mac after tweaking the privacy settings (as per @droidmonkey), then you can be relatively certain you have a macOS problem. Since 10.14.6 is supported even if your Mac is past its support date, I'd open a case with Apple saying that you must have some sort of corruption issue. HOWEVER, I would advise that you first reinstall macOS from a fresh download of Mojave from the AppStore and then install all updates, because that's the first thing Apple will ask you to do.

Good Luck!

@goodc0re
Author

I have done many more tests, I found out that I had not been able to boot into safe mode, because I had to remove my firmware password first apparently. Then it took 30 minutes to start in safe mode with fans at full speed, not sure why maybe cause I have a 4TB SSD as my main drive.

In safe mode I could open the database without starting KeePassXC as root and YubiKeys were being detected.

So I disabled two things I had starting at boot, that was Parallels Toolbox and Keybase.
Afterwards even without safe mode, KeePassXC would detect the Yubikeys without root.

I had rebooted about 10 - 20 times before trying that, without safe mode, and it made no difference, so perhaps, someone with the same problem can check if they happen to also have Parallels Toolbox or Keybase starting at boot.

Then again, I have been having Parallels Toolbox and Keybase for months on this system and everything was working fine, the problem did not start after installing either of those programs.
No idea if it is in any way related.

@droidmonkey
Member

Most interesting! I'm sorry I didn't even think to run as root to rule out permissions issues. Glad it is working again.

@HUGHUSR

HUGHUSR commented Dec 19, 2019 via email

@Dimensional

Dimensional commented Dec 22, 2019

I'm having the exact same problem on my Mac Catalina 10.15.1, and it only happens on KeePassXC 2.5.1. It flat out refuses to see the yubikey, while everything else does detect it including the YubiKey Manager, and even in Safe Mode it can't detect it. 2.5.0 however does detect the yubikey in both normal and in Safe Mode. I've been having this problem before I had Parallel's Toolbox installed, and as far as I can tell I don't have Keybase installed.

@droidmonkey
Member

See my link near the top of this issue on how to fix that.

@Dimensional

Dimensional commented Dec 22, 2019

If you're referring to Disabling Secure Keyboard, I never had it enabled, but I tried turning it on and back off, and it didn't work. Terminal is showing the stuff for yubikey, but keepassxc doesn't show it. Terminal was originally showing USB error: unknown error, then I turned on Secure Keyboard, which gave the USB error: kIOReturnBadArgument, and then turning it off gave me my yubikey's serial, version, etc, but keepass wouldn't show.

However, I believe I found the cause that might help more. In Mac Catalina 10.15.1, you need to add KeePassXC to the Input Monitoring setting for Security & Privacy inside System Settings. Manually adding it fixes the problem, like what was mentioned by goodc0re 19 days ago. That was my problem, but it was slightly related to this.

@goodc0re
Author

I am pretty sure I could identify the problem!

When I have the keybase application running (keybase.io), then the yubikey is not being recognized by applications unless the application is being run as root.

ykinfo -a will result in an error while sudo ykinfo -a will show the normal output

When I use activity monitor to close all keybase related processes, even without a reboot, the Yubikey App as well as other apps like KeepassXC will recognize the Yubikey again!

@phoerious
Member

Could be that keybase is keeping the key opened in OpenPGP mode.

@0xcebe

0xcebe commented Jan 28, 2020

Thanks @goodc0re and @Dimensional that worked for me:
Manually adding KeePassXC to the Input Monitoring setting in System Settings/Security & Privacy

@drewlustro

Thanks @0xcebe – that worked for me

@clehene

clehene commented May 14, 2020

How do you add it?
image

@Dimensional

Dimensional commented May 15, 2020

> How do you add it?

It's a little interesting you don't have the +/- buttons on the screen like in the other replies. Can you confirm you're running in an admin account?

Some research shows you might be able to drag and drop the app into the field.

@clehene

clehene commented May 15, 2020

> It's a little interesting you don't have the +/- buttons on the screen like in the other replies. Can you confirm you're running in an admin account?
>
> Some research shows you might be able to drag and drop the app into the field.

Drag and drop doesn't work either.

Yes. I suspect it's related to changes in both KeePassXC and Catalina (a recent update in either, as it used to work).
These seem related

#3329
https://apple.stackexchange.com/questions/379452/cannot-add-new-apps-to-mac-catalina-input-monitoring-on-security-privacy

@droidmonkey
Member

Nothing changed on our end, it's 100% macOS.

@clehene

clehene commented May 16, 2020

@droidmonkey thank you!
updated to 10.15.4 / reboot (I also had tccutil reset All before, but don't think it changed anything)
Works now

@MarSalfer

> > It's a little interesting you don't have the +/- buttons on the screen like in the other replies. Can you confirm you're running in an admin account?
> > Some research shows you might be able to drag and drop the app into the field.
>
> Drag and drop doesn't work either.

Workaround when the above won't work as no list appears: Populate Input Monitoring with another app first.

  1. Start an app that requests Input Monitoring permissions, e.g. CheatSheet. The Input Monitoring window will be opened and populated with this one app plus a "+" and a drag-drop functionality.
  2. Add or drag-drop KeePassXC into the Input Monitoring list.
  3. (optionally) remove the other app again.
